Online applications typically run locally on computers or other computing devices such as tablets or smartphones. As depicted in FIG. 1, in the current state of the art, a game server (120) communicates with the players (115) in the game. Each of the players utilizes a single computing device (e.g., computer, phone, or tablet), and the players can communicate with the game server (120) or with each other over the Internet (110).
In other examples, the games may require a direct communication between the two devices so that two devices can be used together to play games and may not utilize an online server. Furthermore, these games do not use two devices to achieve security, nor to split up an application to protect against malware.
It is common for these computing devices to become infected with malware (i.e., malicious code that runs on the user's device). Malware can compromise the security of a user's device. When online applications involve the transfer of money, the consequences are that the attacker can steal money. For example, there are documented instances where malicious code on a user's computer has revealed confidential information to an attacker in an online game, and the attacker was able to use this information to defeat the other player and thus steal money from the victim.
Efforts to secure online applications have focused on requiring the user to install anti-virus or firewall technologies on the electronic devices to attempt to keep the malicious code from being installed or from running. However, it is not realistic to assume that average users can administer their computers and other electronic devices adequately.
Further efforts to secure online applications have involved two-factor authentication. Two-factor authentication is utilized to authenticate users, authorize transactions, or to notify users of irregularities in their accounts. In two-factor authentication, a user logs into a first device (e.g., a computer) and then uses a second device (e.g., a smartphone) as part of the authentication process. The second device receives code, for example by text or email, and the user is instructed to enter that code into the first device, where the rest of the interaction with the application takes place. Examples of two-factor authentication include RSA™ tokens and SMS notification systems. In two-factor authentication, the second device is no longer needed once the authentication takes place. Accordingly, two-factor authentication will not offer protection against malware after the authentication takes place.